惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
V
V2EX
S
Security Affairs
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Register - Security
The Register - Security
U
Unit 42
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
Project Zero
Project Zero
S
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
DataBreaches.Net
博客园 - 司徒正美
V
Vulnerabilities – Threatpost
T
Tor Project blog
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
小众软件
小众软件
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
A
Arctic Wolf
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta

Socket

Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Mu... Next.js moves to scheduled security releases - Socket 11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windo... Compromised npm Packages in the AsyncAPI Namespace Deliver M... jscrambler npm Package Compromised in Supply Chain Attack - ... Fake Braintree NuGet Package Skims Credit Cards and Harvests... Compromised Injective SDK npm Package Exfiltrates Wallet Key... npm v12 Ships With Install Scripts Off by Default, Begins De... Malicious Go Module Exposes GitHub Malware Lure Network Span... pnpm 11.10 Hardens Registry Authentication to Block Token Re... Coordinated npm and PyPI Campaign Typosquats Popular Secure ... Node.js Considers Public Workflow for Security Reports Amid ... PolinRider: North Korea-Linked Supply Chain Campaign Expands... Risky Biz Podcast: AI Agents Are Raising the Stakes for Soft... Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo... Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S... Rolldown Pulls Rust React Compiler Integration After Binary ... Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and Git... Frontier AI Is Now Critical Infrastructure - Socket The Code You Didn't Write Is Still Yours to Defend - Socket GitHub Actions Checkout Now Blocks Risky pull_request_target... Introducing Repository Access Permissions and Custom Roles -... Socket MCP Adds Org Alerts, Threat Feed Review, and Package ... Socket Firewall Now Blocks Malicious VS Code and Open VSX Ex... 140+ Mastra npm Packages Compromised in Coordinated Supply C... npm Package Uses Prompt Injection and Token Flooding to Disr... Introducing Manifest Alerts - Socket GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ... Socket for Linear Is Now Available - Socket US Government Forces Anthropic to Pull Claude Fable Days After Launch 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic Andrew Becherer Joins Socket as Chief Information Security Officer Socket Partners with Replit to Block Malicious Packages in AI-Powered Development npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems pnpm 11.5 Adds Support for Recognizing npm Staged Publishes pnpm 11.5 Adds Support for Recognizing npm Staged Publishes Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Famous Chollima Targets PHP Developers Through Compromised Packagist Package Famous Chollima Targets PHP Developers Through Compromised Packagist Package Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Laravel Lang Compromised with RCE Backdoor Across 700+ Versions Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects AI Has Taken Over Open Source npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor Active Supply Chain Attack Compromises @antv Packages on npm Popular node-ipc npm Package Infected with Credential Stealer TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks Packagist Urges Immediate Composer Update After GitHub Actions Token Leak GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack fsnotify Maintainer Dispute Sparks Supply Chain Concerns Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies PyPI Fixes High-Severity Access Control Issues Found in Security Audit Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise lightning PyPI Package Compromised in Supply Chain Attack Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables SAP CAP npm Packages Hit by Supply Chain Attack Socket Has Acquired Secure Annex 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations Introducing Reachability for PHP Introducing Data Exports Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Introducing Organization Notifications in Socket Introducing Reports: An Extensible Reporting Framework for Socket Data Socket for Jira Is Now Available Socket Named Top Sales Organization by RepVue NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets Socket Selected for OpenAI's Cybersecurity Grant Program Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure Node.js Drops Bug Bounty Rewards After Funding Dries Up The Hidden Blast Radius of the Axios Compromise
Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack
Socket Resea · 2026-04-30 · via Socket

Sidebar CTA Background

Secure your dependencies with us

Socket proactively blocks malicious open source packages in your code.

Install

Socket AI scanner detected, and the Socket Threat Research team has confirmed that intercom-client@7.0.4 is malicious, identifying a fresh compromise of the npm package used for Intercom’s Node.js client.

intercom-client is a widely used official SDK for Intercom’s API. While it is not among npm’s largest packages, npm package aggregators report roughly 360,000 weekly downloads, and npm lists more than 100 dependent projects. The real exposure may extend beyond direct dependents, since the package is commonly installed in backend services, developer environments, and CI/CD pipelines that integrate with Intercom’s API.

Version 7.0.4 of intercom-client contains two malicious files that were not present in the previous version, 7.0.3: setup.mjs and router_runtime.js. The earlier version was published 88 days before 7.0.4 and did not contain the same files, confirming that the malicious code was introduced in the latest release.

The package includes a preinstall hook that runs setup.mjs during installation. The script downloads and executes an unverified Bun binary from GitHub without integrity checks. The second malicious file, router_runtime.js, is an 11.7 MB heavily obfuscated JavaScript file designed to collect Kubernetes and Vault credentials from environment variables and local files. Stolen secrets are encrypted and exfiltrated through the GitHub API.

The attack closely resembles the lightning@2.6.2 PyPI attack from earlier today, as well as the TeamPCP-linked supply chain campaign we reported yesterday affecting SAP CAP and Cloud MTA npm packages. The router_runtime.js file is almost identical to the one used in the lightning attack. In these campaigns, compromised packages also introduced a preinstall script that downloaded a platform-specific Bun ZIP from GitHub Releases, extracted it, and immediately executed the extracted Bun binary on an inserted JavaScript payload. Those packages similarly used an approximately 11.7 MB obfuscated file, targeted developer and CI/CD environments, and abused GitHub infrastructure for exfiltration.

The overlap is significant because the SAP CAP campaign was linked to TeamPCP activity based on shared technical details, including distinctive payload implementation patterns, GitHub-based exfiltration, credential harvesting across developer and CI/CD environments, and similarities to prior attacks affecting Checkmarx, Bitwarden, Telnyx, LiteLLM, and Aqua Security Trivy. We are continuing to analyze whether the intercom-client compromise is part of the same campaign, a direct follow-on attack, or a copycat using similar tooling.

The malicious files were injected into the npm distribution for 7.0.4.

The compromise affects developers and CI/CD environments that installed intercom-client@7.0.4. Because the malicious behavior runs during installation, affected systems may have been exposed even if the package was never imported or used directly in application code.

We recommend that users immediately remove intercom-client@7.0.4, downgrade to a known-good version, rotate potentially exposed credentials, and review systems where the package may have been installed. Environments with Kubernetes credentials, Vault tokens, cloud credentials, or GitHub tokens should be prioritized for investigation.

Suspicious GitHub Activity Linked to the Compromise

Several reports were filed on the intercom-node repository reporting on the compromised release. These issues were subsequently closed, redacted, and retitled to “N/A” by the GitHub user nhur. This GitHub account nhur exhibited a burst of suspicious activity on April 30, 2026, concentrated within a ~47-minute window. During this time, the account created three new public repositories—ghola-melange-, mentat-melange-, and powindah-sietch-*—all with similar naming patterns and identical descriptions ("A Mini Shai-Hulud has Appeared"). These repositories contained minimal content and appear to have been created via the GitHub web interface.

In parallel, the account performed write actions across 11 repositories in the intercom organization, where it had private membership and access. These actions included creating branches with names resembling Dependabot conventions but containing a typo (e.g., dependabout/github_actions/...), and pushing commits that introduced new GitHub Actions workflows (such as .github/workflows/format-check.yml) and modified existing CI configuration files. The commits used spoofed identities (e.g., "dependabot[bot]" or "claude") but lacked verified signatures.

The newly introduced workflow files were configured to access repository secrets via ${{ toJSON(secrets) }} and write them to files, which were then set up for upload as GitHub Actions artifacts. In at least one repository (intercom-node), subsequent activity shows that a GitHub Actions bot committed additional files shortly after the initial push, indicating that CI workflows were triggered and executed. These follow-on commits added files under .claude/ and .vscode/ directories. These are hallmarks of the Shai-Hulud–style supply chain worm and its later variants.

Compromised GitHub Account Triggered CI Publish Workflow#

We have confirmed that the GitHub user nhur was compromised and that the malicious intercom-client@7.0.4 package was published through a now-deleted branch that triggered an automated CI publish workflow.

A commit to intercom/intercom-node from nhur shows a workflow change titled “Test Commit” that does not belong to any branch in the repository. The commit deleted .github/workflows/ci.yml and added .github/workflows/test.yml, with the new workflow named dependabot/fix and configured to run on pushes to a branch of the same name.

We’re tracking this Mini Shai-Hulud campaign on a dedicated page with affected package artifacts, detection details, and related coverage:

https://socket.dev/supply-chain-attacks/mini-shai-hulud

We are continuing to monitor the package and will update this post as more information becomes available. This is a developing story. We are investigating the scope of exposure, remediation status, and any response from the package maintainers, npm, or GitHub.

Indicators of Compromise (IOCs)#

Files

  • router_runtime.js
    • SHA256 5ae8b2343e97cc3b2c945ec34318b63f27fa2db1e3d8fbaa78c298aa63db52ed
    • SHA1 0cf67457352cf82dea4189d9dbd41b8f519dbb81
    • MD5 9bd71891febd47b6a7d9ef1f6120662a
  • setup.mjs
    • SHA256 fe64699649591948d6f960705caac86fe99600bf76e3eae29b4517705a58f0e2
    • SHA1 7c8bf63a9ba9169d5237acfc683f1bd004349341
    • MD5 598f8a39b021cf56d33432b6f67f7660

Public RSA Keys

  • MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm1ThuFsx+rWD5RFI8A7B rfqrCQjmy+cqqbWew+a2XhtU7nsJebqZfj8Evc6NLXOoMc1arQtWjV9r6bILrLyh aL0WuRERGvAl/9/cPRwYotUvkQKvwMZHruaCCqMGVF6XndpJQ8ejOm5AVsV6MNhl VepMDfBhuvtM6E0/JrFOd304stkl+wfVyTz2Kd2ehy8+o1BBhpV6v6sShF5CZCwZ qgw/V4wYBgLHx1RHrraPu7m/so/wEWpmrQ8qYsJxd9Nmrjfcd8hJy5mpcQfhY03JiVOtzztfnHaa F7js9FTPWs9hhJbEFik6eHDcRCH6VXQ86/ieRxVdS3aSf/bY8KC
  • MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA55aMQwvJuy++UvFmWrPW agKRz35hwLlAKUrYjC0Bvqu/1C9uDeVGxNrfkUE8sm3motzVBwJAHl9iOrcepqt6 2kckAbxV9T7wCarVjb+iQRV/gPHlbMJf/cRttJXfU5TwbwFuWtuusxQufAdVveeg qprcOwJ5OBZoz5XeloyRDUVGWA4viZ0TNgpne3RXioJekEWSadSw0pwwc2azIzHB EBzhx5ehCkNm31xel/TXxPlAhl5QTBu9j2VOjNMEc6sDMhr3qRxL0eX5B/HJ2Dt9 CDYJ24F9lJLYVuGkO77UKLaiacFUHSUGQxnhMQ9dr3c4/uPm/I2APNinde2HzY/L

Network Indicators (Do Not Block)

  • hxxp://169[.]254[.]169[.]254 AWS IMDS
  • hxxp://169[.]254[.]170[.]2 AWS ECS credentials
  • hxxp://169[.]254[.]170[.]23 AWS ECS (alt endpoint)
  • hxxp://metadata[.]google[.]internal GCP IMDS